Analysis

  • max time kernel
    1s
  • max time network
    126s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhf image:debian9-armhf-20221111-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    30-04-2023 03:27

General

  • Target

    SecuriteInfo.com.Trojan.Linux.Mirai.1.8473.19504.elf

  • Size

    32KB

  • MD5

    d0a268f9df5a2fb00dc98569ecc5ed59

  • SHA1

    6743dc3f503b1bb4e5de326d3572536bf5c9d3d6

  • SHA256

    7dc4e163ef46dddd9d92566d737a531ad484e71a9defd9ef4fe3748f20dfa84b

  • SHA512

    4ed464b1c90f62c6c15fd6c7b2a9799c1a8065cd60c93d61756612b9a772e1f701bf6ec9a00e645392db343d247606eca9b716a3587b53f7216b38b8a883d1e6

  • SSDEEP

    768:cLbu4t2Chu8AXCVnX/1KbrWOX2DQa4gHJUHC9q3UELS4:cLbu4Mqu8nXtKnRX2Dl9JWLD

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

UNST

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/SecuriteInfo.com.Trojan.Linux.Mirai.1.8473.19504.elf
    • Reads runtime system information
    PID:424

Network

MITRE ATT&CK Matrix


Downloads

  • memory/424-1-0x00008000-0x0002fb78-memory.dmp